BETA Release: Distributed API Security

puravida

Today, we are announcing the release of a new feature we call Distributed API Security.

This feature is designed to overcome the security limitations of distributing your software or running a mobile application.

The Problem: If you want to automate screenshots in distributed software or a mobile application, you must somehow address the issue of security. You cannot embed your secret key into your app, because the data stream could be "sniffed" or the software hacked. That would be especially troublesome in a distributed app, because changing your secret key means breaking all existing deployments. Calling the current version of the "Advanced API" would require opening up the account to any referrer (allowing anyone to reuse your credentials).

Our Solution: The Distributed API Security relies on a timestamp and a signature hash that gets compared on the ShrinkTheWeb side. We check it for timing (to prevent session reuse) and correct credentials. If everything passes, the request is allowed, regardless of referrer. Since the secret key is not passed, there is no risk of the account being compromised, and the lock to account may remain enforced.

Difficulty: Advanced. The "Best Practice" implementation would be to build a secure bridge between your distributed app and the "Distributed API Security" script on your own server. By using tokens, certificates, or other security measures (that do not include STW credentials), you mask the entire process from the user.

If you find any loopholes or issues, please report them to us via Support.

There will be no charge to use this security feature.
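
An added sketch of the timestamp-plus-signature check described in the post above; it is not part of the original post and is not ShrinkTheWeb's code or algorithm. The HMAC-SHA256 construction, the `access_key:timestamp` message layout, the 300-second window, the replay cache and all names and key values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the post gives no value


def sign_request(access_key: str, secret_key: bytes, timestamp: int) -> str:
    """Bridge-server side: derive a signature so the secret itself is never sent."""
    message = f"{access_key}:{timestamp}".encode()  # assumed message layout
    return hmac.new(secret_key, message, hashlib.sha256).hexdigest()


class Verifier:
    """Receiving side: checks credentials, timing, and reuse of a signature."""

    def __init__(self, secrets_by_access_key: dict):
        self._secrets = secrets_by_access_key
        self._seen = {}  # signature -> expiry, rejects replays inside the window

    def verify(self, access_key: str, timestamp: int, signature: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        secret = self._secrets.get(access_key)
        if secret is None:
            return "unknown-key"
        # Timing check: a captured request stops working once the window closes.
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        # Credential check: recompute and compare in constant time.
        expected = sign_request(access_key, secret, timestamp)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        # Reuse check: forget expired entries, then refuse a signature already seen.
        self._seen = {s: exp for s, exp in self._seen.items() if exp > now}
        if signature in self._seen:
            return "replayed"
        self._seen[signature] = timestamp + MAX_SKEW_SECONDS + 1
        return "ok"


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed sample value
    verifier = Verifier({"demo-access-key": SECRET})
    ts = 1_700_000_000  # constructed sample timestamp
    sig = sign_request("demo-access-key", SECRET, ts)
    for label, args in [("fresh", (ts, sig, ts + 10)), ("reused", (ts, sig, ts + 20)),
                        ("late", (ts, sig, ts + 301)), ("altered", (ts + 1, sig, ts + 20))]:
        print(label, verifier.verify("demo-access-key", args[0], args[1], now=args[2]))
```

Signing only on a server you control keeps the secret out of the distributed binary, which is the bridge arrangement the post recommends.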

puravida

To download the BETA sample code, please visit our STW Plugins page and download the STW PHP Sample Code. The ZIP contains a file named distributed_api_security.php.
